Know What's Happening in Cybersecurity

Today's Cybersecurity Pulse

CISA adds critical Android and Linux flaws to KEV catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) listed two high‑severity vulnerabilities in its Known Exploited Vulnerabilities catalog: Android CVE‑2025‑48595, an integer overflow that enables privilege escalation on Android 14‑16 without user interaction, and Linux CVE‑2022‑0492. Google released patches for the Android bug in June 2026.

Quantum Computers Could Usher in a Crisis Worse than Y2K
News · Apr 14, 2026

Quantum researchers warn that a functional, large‑scale quantum computer capable of breaking RSA and ECC encryption – dubbed Q‑Day – may emerge within the next decade. The threat mirrors the Y2K panic, but the underlying cryptographic foundations are far more...

By New Scientist – Robots
X.Org X Server and Xwayland Security Advisory Released for Multiple Issues
News · Apr 14, 2026

The X.Org X server and Xwayland projects have issued a security advisory covering five critical vulnerabilities (CVE‑2026‑33999‑34003). Updated packages—xorg‑server‑21.1.22 and xwayland‑24.1.10—contain patches that resolve integer underflow, out‑of‑bounds reads, and a use‑after‑free bug in XKB and XSYNC components. The flaws, discovered...

By GamingOnLinux
Claroty Advances CPS Security with Visibility Orchestration in xDome
News · Apr 14, 2026

Claroty has launched Visibility Orchestration within its SaaS platform Claroty xDome, turning vague asset visibility into a measurable score that drives security actions. The new capabilities automatically assess visibility gaps, prioritize remediation tasks, and enrich asset data using AI, Edge scans,...

By Help Net Security
Musician G. Love Loses $424,000 to Fake Ledger App, Spotlighting Crypto Wallet Fraud
News · Apr 14, 2026

Musician G. Love saw his retirement savings of roughly $424,000 vanish after a counterfeit Ledger Live app on Apple’s Mac App Store stole 5.92 bitcoin. Blockchain investigator ZachXBT traced the funds to KuCoin, highlighting gaps in app‑store vetting and the high...

By Pulse
Citibank Launches AI-Driven Wealth Tool, Sparking Privacy and Compliance Debate
News · Apr 14, 2026

Citibank has introduced an AI‑powered advisory feature for its wealth‑management customers, offering real‑time portfolio insights and automated note‑taking. The rollout has triggered immediate scrutiny from regulators and privacy advocates over data usage, model transparency and compliance risks. The bank says...

By Pulse
Cyberattack Surge Fuels Demand for Cybersecurity Consulting as Accenture Invests $3 B in AI
News · Apr 14, 2026

A string of high‑impact cyber incidents in early 2026—including breaches at Stryker, Lockheed Martin and a 1.5 billion‑record Salesforce hack—has ignited a rush for cybersecurity consulting services. Consulting giants are responding with expanded incident‑response teams and AI‑driven risk platforms, highlighted by...

By Pulse
UK Regulators Convene Emergency Session on Anthropic AI Model Threat to Financial Systems
News · Apr 14, 2026

The Bank of England, the Financial Conduct Authority and HM Treasury met with the National Cyber Security Centre and leading insurers to discuss urgent risks posed by Anthropic’s new Claude Mythos AI model, which has flagged thousands of software vulnerabilities. The...

By Pulse
Google, Microsoft, Meta All Tracking You Even When You Opt Out, According to an Independent Audit
News · Apr 14, 2026

An independent audit by webXray examined traffic on more than 7,000 California websites and found that Google, Microsoft and Meta routinely set advertising cookies even when users sent a Global Privacy Control (GPC) opt‑out signal. Google ignored the signal on...

By 404 Media
Booking.com Confirms Data Breach Impacting Millions of Travelers
News · Apr 14, 2026

Booking.com announced that unauthorized parties accessed reservation data for potentially millions of guests. The company reset reservation PINs and warned users of phishing attempts. The breach raises fresh security concerns for the online travel market.

By Pulse
AI‑Generated CEO Voice Hack on Pedestrian Buttons Sparks CIO Security Alarm
News · Apr 14, 2026

A hack that injected AI‑generated CEO voices into pedestrian crosswalk buttons across Menlo Park, Redwood City, Palo Alto, Seattle and Denver highlighted a tangible AI‑misinformation threat. CIOs are now urged to embed stronger cybersecurity clauses in vendor contracts and address default passwords that...

By Pulse
Polkadot Drops 10% After Hyperbridge Hack Creates 1 Billion Fake DOT Tokens
News · Apr 14, 2026

Polkadot’s price slumped 10% after an attacker exploited the Hyperbridge cross‑chain protocol, minting 1 billion counterfeit DOT tokens. The breach netted only $237,000 in real value, but it underscored persistent vulnerabilities in DeFi bridge infrastructure.

By Pulse
Oligo Security Moves Beyond CVE Prioritization with Real-Time Application-Layer Exploit Blocking
News · Apr 14, 2026

Oligo Security unveiled Runtime Exploit Blocking, a capability that intercepts application‑layer exploit attempts in real time without terminating containers or disrupting services. The technology correlates function calls with system activity to detect malicious sequences and blocks the offending system call...

By SiliconANGLE
Manifest Platform From Manifold Targets AI Agent Supply Chain Security Gaps
News · Apr 14, 2026

Manifold Security launched Manifest, a free, open‑access platform that maps AI agent supply‑chain dependencies and external system interactions. The graph‑based service builds execution and environment graphs to reveal hidden risk patterns that traditional file‑level scans miss. Manifold’s accompanying report identified...

By SiliconANGLE
FossID Launches Agentic SCA to Bring Real-Time Compliance to AI-Driven Code Development
News · Apr 14, 2026

FossID AB introduced Agentic SCA, a real‑time software composition analysis layer designed for AI‑driven code development. The solution embeds compliance checks directly into AI agents, enabling instant detection of open‑source components, license obligations, and vulnerabilities as code is written. By...

By SiliconANGLE
DavMail 6.6.0 Patches a Regex Flaw and Advances Its Microsoft Graph Backend
News · Apr 14, 2026

DavMail 6.6.0 was released this week, addressing a regex‑based security alert, updating the OAuth redirect URI to match Microsoft’s recent OIDC change, and fixing multiple IMAP, SMTP, CalDAV and CardDAV bugs. The update adds VCARD4 birthday support, switches CardDAV photo...

By Help Net Security
Kraken Is Actively Being Extorted by Criminals Threatening to Release the Top Crypto Exchange’s Internal Data
News · Apr 14, 2026

Kraken disclosed that criminals are extorting the exchange after two support employees improperly accessed limited client data. Approximately 2,000 accounts, representing 0.02% of its user base, were potentially viewed, but the core trading and custody systems were not breached and...

By CryptoSlate
Intruder Adds Container Image Scanning to Cloud Security Platform
News · Apr 14, 2026

Intruder has expanded its cloud security platform to include daily container image scanning across AWS Elastic Container Registry, Google Cloud Artifact Registry, and Azure Container Registry. The new capability uses a graphical interface that requires no agents, letting both security...

By Container Journal
Why CIOs Are Moving Away From Legacy Consulting in the AI Era
News · Apr 14, 2026

CIOs are abandoning traditional consulting firms as AI accelerates transformation and exposes gaps in strategy‑execution alignment. Legacy firms’ sequential approach and post‑hoc security fail to meet the speed, precision, and accountability CIOs now demand. New‑generation firms that embed security and...

By CIO.com
3 Quantum Realities to Confront This World Quantum Day
News · Apr 14, 2026

World Quantum Day highlighted the accelerating timeline toward a post‑quantum future, with industry leaders warning that waiting for certainty will delay critical migration. Experts emphasized that the operational risk lies in how long it takes to identify dependencies, prioritize remediation,...

By Security Magazine (Cybersecurity)
China-Linked Cloud Credential Heist Runs on Typos and SMTP
News · Apr 14, 2026

Chinese‑aligned APT41 has deployed a Linux ELF backdoor that steals cloud credentials across AWS, GCP, Azure and Alibaba Cloud. The malware uses port 25 SMTP as a covert C2 channel, sending harvested IAM role and service‑account tokens to three typosquatted...

By CSO Online
Cloud Storage Security Announces the Official Launch of DataDefender, a Novel DSPM Platform Focused on Data Stored in the Cloud
Blog · Apr 14, 2026

Cloud Storage Security launched DataDefender, an AI‑driven Data Security Posture Management (DSPM) platform that classifies and monitors cloud‑stored data in real time. The solution spotlights sensitive information across AWS environments, flagging misconfigurations, insider threats, and external attacks while supporting compliance...

By StorageNewsletter
Regulators Flag AI as Emerging Financial Stability Threat
Social · Apr 14, 2026

Regulators are starting to take AI risks seriously. U.S. officials have warned banks about the cybersecurity threats posed by increasingly powerful AI systems, signaling concern at the highest levels. This is a shift. AI is no longer just a tech issue, it...

By Spiros Margaris
Superblocks Adds Enterprise Guardrails to Raw AI
Social · Apr 14, 2026

"Why not just use Claude?" Because raw AI + enterprise data + zero governance = a CISO’s worst nightmare. Prompts don't create audit trails or permissions. Today @superblocks wraps enterprise guardrails around AI. Insane update today from @bradmenezes et al! 🔥

By Data Chaz
What Is Anthropic's Mythos AI Model and Why Does It Have the Financial World in a Panic?
News · Apr 14, 2026

Anthropic PBC unveiled Mythos, a general‑purpose AI model that can independently locate and exploit high‑severity software vulnerabilities. The company disclosed that Mythos identified thousands of flaws across major operating systems and browsers, prompting Anthropic to restrict public release and instead...

By Financial Post — Finance
Survive the AI Vulnerability Festival: Your Vulnapalooza Guide
Social · Apr 14, 2026

Everyone's worried about the Vulnpocalypse, vulnmageddon, vulnerability storm brought on by #AI like #Mythos, but what if we treated this like a music festival? We all have tickets to Vulnapalooza. Here's your festival survival guide. https://t.co/9EYqmueCPf

By Katie Moussouris
AI Is Simplifying Online Crime, Danger Escalates
Social · Apr 14, 2026

AI is already making online crimes easier. It could get much worse. | MIT Technology Review https://t.co/OOi3OhIPMa

By Chuck Brooks
Anchore Enterprise and the DoD DevSecOps Reference Design
News · Apr 14, 2026

Anchore Enterprise has been tightly woven into the Department of Defense’s DevSecOps Reference Design, providing automated security guardrails across every stage of the software factory. By generating SBOMs, enforcing policy‑as‑code, and continuously scanning containers, Anchore stops vulnerable code before it...

By Security Boulevard – DevOps
DataVisor Brings Conversational AI Agents to Fraud and AML Operations
News · Apr 14, 2026

DataVisor unveiled Vera, a conversational AI agent suite that lets financial institutions manage fraud and AML tasks through plain‑language commands. The platform automates detection, investigation, and regulatory reporting, promising up to three‑fold gains in detection coverage and a 20‑30× reduction...

By Help Net Security
SAP Patches Critical ABAP Vulnerability
News · Apr 14, 2026

SAP released 20 new and updated security notes on April 14, 2026, including two critical CVEs. The most severe, CVE‑2026‑27681 (CVSS 9.9), is a SQL‑injection flaw in Business Planning and Consolidation and Business Warehouse that enables arbitrary code execution. SAP mitigated the issue...

By SecurityWeek
The Veto Is Gone: Hungary’s Election Upends EU-Ukraine Cyber Defense and Data Sovereignty Dynamics
Blog · Apr 14, 2026

Hungarian Prime Minister Viktor Orban’s defeat and Peter Magyar’s landslide win removed Hungary’s veto that blocked a €90 billion ($97 billion) Ukraine aid package. The loan is now expected to be finalized, channeling funds into Ukraine’s digital infrastructure, cyber‑defense capacity, and EU‑aligned...

By ComplexDiscovery
Evaluating Trust, ROI, and Risks of Anthropic's Security Model
Social · Apr 14, 2026

Mythos ~ Anthropic released a new model they claim is scary good at finding security vulnerabilities. What questions should we be asking? No hot take. Just pondering how we can trust a model, the ROI, and how we can evaluate the...

By Teri Radichel
Anthropic’s Mythos Raises the Stakes for Software Security
News · Apr 14, 2026

Anthropic has placed its new Claude Mythos preview model—capable of uncovering thousands of previously unknown software vulnerabilities—behind a tightly controlled early‑access program. The company limited access to a select group of major technology and security firms, citing the model’s dual‑use...

By Logistics Viewpoints
How Contact Centers Detect and Prevent Fraud
News · Apr 14, 2026

Contact centers are increasingly targeted by fraudsters exploiting weak authentication and under‑trained agents, especially as operations shift to digital and remote channels. Common schemes include identity theft, account takeover, card‑not‑present purchases, and vishing attacks that leverage caller‑ID spoofing and synthetic...

By TechTarget SearchERP
DNS Security Is Often Inadequate, and Network Engineers Should Get More Involved
News · Apr 14, 2026

Enterprise Management Associates’ DDI Directions 2026 report reveals that only 28% of DDI experts consider their DNS infrastructure fully secure. Threats are evolving, with 86% of enterprises witnessing AI‑enhanced DNS attacks and concerns ranging from malicious redirections to DDoS and...

By Network World
Triad Nexus Evades Sanctions to Fuel Cybercrime
News · Apr 14, 2026

Triad Nexus, an illicit cyber‑crime network active since 2020, has generated over $200 million in losses through sophisticated cryptocurrency investment‑fraud known as pig‑butchering. After the U.S. sanctioned its primary CDN partner Funnull in 2025, the group adopted infrastructure‑laundering tactics, using front‑company...

By SecurityWeek
How Hackers Are Thinking About AI
Blog · Apr 14, 2026

A new academic paper examines over 160 cyber‑crime forum posts collected across seven months, revealing how hackers are beginning to incorporate artificial intelligence into their operations. The research shows a dual mindset: strong curiosity about leveraging both off‑the‑shelf AI services...

By Schneier on Security
QBS Software Africa, Partners to Tackle AI Threats at ITWeb Security Summit 2026
News · Apr 14, 2026

QBS Software Africa (Maxtec) will showcase AI‑focused security solutions alongside partners Atera, Fortinet, Fortra, Ivanti and Thales at the ITWeb Security Summit in Johannesburg. The event will address rising AI‑driven attacks, supply‑chain vulnerabilities, and the acute cybersecurity skills shortage in...

By ITWeb (South Africa) – Public Sector
Microsoft Tests OpenClaw‑Style Security Features for Enterprise 365 Copilot
News · Apr 14, 2026

Microsoft confirmed it is testing OpenClaw‑inspired security and governance controls for its Microsoft 365 Copilot, targeting large‑enterprise users. The effort builds on earlier agentic tools like Copilot Cowork and aims to deliver an always‑on assistant that can act autonomously while...

By Pulse
FCC Advances Consumer IoT Protection Scheme
News · Apr 14, 2026

The Federal Communications Commission has moved forward with a voluntary cybersecurity program for consumer Internet of Things (IoT) devices by naming the ioXT Alliance as the lead administrator of the US Cyber Trust Mark Programme. The scheme will allow qualifying...

By Mobile World Live
Ontario AI Law Labeled ‘Empty Shell’ by Privacy Watchdog, Raising Insurance Risks
News · Apr 14, 2026

Ontario’s Office of the Information and Privacy Commissioner warned that the province’s AI legislation, the Enhancing Digital Security and Trust Act (EDSTA), is “no more than an empty shell.” The critique highlights a regulatory gap that could leave insurers scrambling...

By Pulse
Petabyte‑Scale Breaches Sweep U.S. and Global Targets, Sparking Data Governance Alarm
News · Apr 14, 2026

In early 2026 a cascade of cyber incidents stole up to ten petabytes of data from high‑profile organizations, including a 375‑terabyte breach at Lockheed Martin and a ransomware hit on PowerSchool that exposed 60 million children. The attacks have ignited a...

By Pulse
Generative AI Now Finds Zero-Day Vulnerabilities, Prediction Proven
Social · Apr 14, 2026

Three years ago, I said in my talks that generative AI would eventually start discovering zero-day vulnerabilities. At the time, many people dismissed the idea as unrealistic. It is no longer unrealistic. https://t.co/Xrh5MjNmuA

By Mikko Hypponen
Ransomware-Linked ViperTunnel Malware Hits UK and US Businesses
News · Apr 14, 2026

InfoGuard discovered a new Python‑based backdoor called ViperTunnel operating in UK and US enterprises. The malware disguises itself as a system DLL and leverages the sitecustomize.py module to execute code automatically, establishing a SOCKS5 proxy on port 443. Developed by the...

By HackRead
Microsoft Threat Intelligence Says AI Is Now a Core Tool for Cyber‑attackers
News · Apr 14, 2026

Microsoft Threat Intelligence released a report confirming that attackers are using generative AI across scouting, phishing, malware creation and infrastructure building, turning AI into a “force multiplier.” The finding spotlights a rapid shift in the threat landscape, with nation‑state groups...

By Pulse
Risk of Fraud and Disruption After Data Breach on Mexico Port Platform
News · Apr 14, 2026

A hacker from the Mexican group Sociedad Privada 157 breached the Ministry of the Navy’s Safe Smart Port (PIS) platform, exfiltrating 39.7 GB of data on roughly 640,000 logistics personnel. The compromised records include biometric identifiers, social security numbers, taxpayer IDs and...

By The Loadstar
Goldman Sachs ‘Hyperaware’ of AI Risks; Working with Anthropic on Mythos
News · Apr 14, 2026

Goldman Sachs warned that Anthropic’s new AI model, Mythos, can autonomously discover and exploit software vulnerabilities, raising serious cyber‑risk concerns for the financial sector. The bank’s CEO David Solomon said Goldman is "hyperaware" of these threats and is working with...

By The Cyber Express
InfoReg Raises Alarm as Data Breaches Hit 788 in Q1
News · Apr 14, 2026

South Africa’s Information Regulator recorded 788 data‑breach notifications in the first quarter, a sharp rise that includes high‑profile incidents at Standard Bank, Liberty Group and Statistics South Africa. The regulator, led by Advocate Pansy Tlakula, warned that many reports lack...

By ITWeb (South Africa) – Public Sector
Nightclub Giant RCI Hospitality Reports Data Breach
News · Apr 14, 2026

RCI Hospitality Holdings, a leading adult nightclub operator, disclosed a data breach affecting its independent contractors. The breach stemmed from an insecure direct object reference (IDOR) vulnerability on an IIS web server discovered on March 23, with unauthorized access beginning March 19....

By SecurityWeek
Italtel, Quantum Bridge Partner to Protect Critical Communications
Blog · Apr 14, 2026

Italian system integrator Italtel has formed a strategic partnership with Canadian quantum‑security specialist Quantum Bridge Technologies to deliver post‑quantum communication solutions worldwide. The collaboration aims to embed quantum‑safe encryption into existing network infrastructures, targeting telecom operators, enterprises, and critical‑infrastructure owners....

By TelecomDrive